- liquidswards -- Know, don't guess, who can access what (IAM Roles).
- cdn-proxy -- Bypass CDN and WAF restrictions using CDN re-fronting.
- msh -- Multivac Shell
- little-stitch -- Send and receive bypassing Little Snitch alerting.
- dsnap -- Utility for downloading and mounting EBS snapshots using the EBS Direct API's
- awesome-cloud-sec -- Awesome list for cloud security related projects.
- marionette -- Active/Passive UserData swap PoC
- UserDataSwap -- Example of how an attacker might swap user data temporarily to execute arbitrary commands
- EC2FakeImds -- Spoofing IMDS for nodes in a VPC. PoC based on https://blog.ryanjarv.sh/2020/10/19/imds-persistence.html
- cli-hijacker -- Fork of aws-vault for the cli-hijacker PoC.
- RhinoSecurityLabs/amazon-ssm-agent -- Fork of amazon-ssm-agent that can run as any user in parallel with the official service.
- Pacu -- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
- CloudGoat -- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
- sous-chefs/varnish -- Chef Development repository for the varnish cookbook
- Pacu2 and pacu3 -- Early expirimental rewrites of pacu
- nettomidi -- Net -> MIDI (Listen to your network!)
- pingscan -- Messing around with sockets
- steampipe_alchemy -- SQLAlchemy wrapper around Steampipe.
- coderun -- Running scripts in an isolated environment should be stupid easy.
- dockersnitch -- Like little snitch but for docker
- randrust -- Rust HTTP server that returns random bytes encoded with base64
- puppet-randrust -- Puppet module for randrust
- minecraft_server -- Chef repo for creating a Minecraft server in AWS
- ditto -- Mimic any command
- lq -- An exactly once, in-order queue that delivers both past and future messages to all subscribers.
- gocash -- Redis like cashier service in GoLang
- aws_session_recorder (Python) -- AWS session that records discovered resources to a database
- awsconfig -- AWS Config rules for non-default IMDS routes (partially obsolete)